Syncback free
11/10/2023

In the year 2023 A.D., after a long struggle, N-day vulnerabilities, such as CVE-2022-33917, CVE-2022-36449, and CVE-2022-38181 had been fixed in the Pixel 6. Vendor drivers like the Arm Mali had laid their patches at Android’s feet. Peace reigns, disturbed only by occasional toddlers bankrupting their parents with food ordering apps. All? No, one patch still stubbornly holds out.

    if (atomic_read(&reg->cpu_alloc->kernel_mappings) > 0)
    + if (reg->flags & KBASE_REG_NO_USER_FREE)

In this post, I’m going to take a very close look at what these two lines, or rather, the lack of them, are capable of. GHSL-2023-005 can be used to gain arbitrary kernel code execution and root privileges from a malicious app on the Pixel 6. What makes this bug interesting from a patching point of view is that it was already fixed publicly in the Arm Mali GPU driver on Octoin the r40p0 release. While other security patches from the r40 version of the driver had been backported to the Pixel 6 in the January security update, the particular change mentioned in the previous section was missing. I noticed this change shortly after r40p0 was released and had always assumed that it was a defense in depth measure against potential issues similar to CVE-2022-38181.